“Our skilled cybersecurity workforce is not growing fast enough to keep pace,” Biden said Wednesday at a meeting with chief executives including Apple Inc.’s Tim Cook, Alphabet Inc.’s Sundar Pichai, Amazon.com Inc.’s Andy Jassy, Microsoft Corp.’s Satya Nadella, and JPMorgan Chase & Co.’s Jamie Dimon.
The meeting follows massive cyber and ransomware attacks over the past year on critical infrastructure, including that of Colonial Pipeline Co. and JBS SA, as well as software and cloud providers such as Microsoft and SolarWinds Corp., which have largely been perpetrated by cyber groups based in Russia and China.
Biden called the meeting to discuss how industry and the federal government can work together to improve cybersecurity in the face of debilitating ransomware and cyberattacks. The president urged the CEOs to make commitments on workforce development and improvements to cybersecurity in their sectors, according to a senior administration official.
Among the actions the White House has taken this year is an executive order directing federal agencies to boost security protocols and mandating cyber incident reporting from large pipeline companies. But more collaboration is needed between private companies and government, the senior official said, adding that the private sector in many cases has more authority or influence than the government to make necessary cybersecurity changes.
The White House announced the National Institute of Standards and Technology will work with industry to create a framework on improving security in the technology supply chain. It would provide guidance on how to build secure technology and review the security of products, including open source software. IBM, Microsoft, Google, Travelers Cos. Inc. and Coalition, a cyber insurance company, committed to the initiative.
Tech companies at the event announced initiatives for cybersecurity workforce training in an effort to fill the roughly 500,000 open jobs in the industry.
Google pledged to invest more than $10 billion in three years on cybersecurity computing and software programs. Additionally, the company committed to retraining 100,000 Americans in IT support and analytics work.
As Google has faced more regulatory scrutiny, the company has rolled out several job re-training programs. Google has long had a team of engineers dedicated to spotting security holes in other companies, and more recently it has pitched security as a selling point for its cloud business.
“Leading the world in cybersecurity is critical to our national security,“ Kent Walker, Google’s global affairs chief, wrote in a blog post on Wednesday.
Apple announced it will create a program focused on supply chain security improvements. The program will include multi-factor authentication adoption, security training and incident response.
International Business Machines Corp. said it plans to train more than 150,000 people in cybersecurity skills over the next three years and will work with more than 20 Historically Black Colleges and Universities to increase its diversity in hiring.
Microsoft announced it has made $150 million available for technical assistance to federal, state and local governments with upgrading security protections and will expand cybersecurity training for community college and non-profits. The company also said it will invest $20 billion over the next five years to integrate cybersecurity into the design of its products and deliver advanced security solutions.
Amazon plans in October to release cybersecurity training materials it has developed to keep its employees and sensitive information safe from cyberattacks. The company will also allow qualified Amazon Web Services account holders to receive a multi-factor authentication device at no additional cost.
TIAA-CREF Individual & Institutional Services, LLC has partnered with NYU’s Tandon School of Engineering to provide free tuition for employees to obtain a master’s degree in cybersecurity. They’ve also developed a pilot program with the University of North Carolina Charlotte for employees to get certificates in AI data and cybersecurity.
The talent shortfall in cybersecurity spans industries. That means gaps exist in all 16 critical infrastructure sectors, like energy, health care and manufacturing — and that companies in those sectors lack the necessary personnel to adequately defend computer networks against cyberattacks, said Simone Petrella, CEO of the cybersecurity training firm CyberVista.
The cybersecurity talent portal CyberSeek — a project support by the National Initiative for Cybersecurity Education — estimates more than 464,000 cybersecurity job opening between April 2020 and March 2021.
The meeting focused on ransomware, the root causes of malicious cyber activity, and how to ensure that cybersecurity is baked into technology sold by industry from the start, according to the senior official.
After the meeting with Biden, several key cabinet secretaries led three breakout sessions with the industry participants.
Homeland Security Secretary Alejandro Mayorkas and Energy Secretary Jennifer Granholm led a session on critical infrastructure resilience, with executives from the energy and water sectors. The White House announced it is expanding an Industrial Control Systems cybersecurity initiative to include natural gas pipelines. The initiative already has focused on cyber improvements in the electric utility sector.
Commerce Secretary Gina Raimondo and head of the Small Business Administration Isabella Guzman met with tech and insurance executives on improving the security of cloud and tech systems.
Chris Inglis, the U.S.’s first national cyber director, led a third session focused on cybersecurity workforce.
Anne Neuberger, the deputy national security adviser for cyber and emerging technology, and Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, also participated.
Other participants included chief executives from banking giants Bank of America Corp. and US Bancorp; energy companies Southern Co. and Duke Energy Corp.; and water and wastewater utilities including American Water Works Co. Inc.